‘Anonymous’ Browsing Data Can Be Easily Exposed

A judge's porn preferences and the medication used by a German MP were among the personal data uncovered by two German researchers who acquired the "anonymous" browsing habits of more than three million German citizens.

"What would you think," asked Svea Eckert, "if somebody showed up at your door saying: 'Hey, I have your complete browsing history -- every day, every hour, every minute, every click you did on the web for the last month'? How would you think we got it: some shady hacker? No. It was much easier: you can just buy it."

Eckert, a journalist, paired up with data scientist Andreas Dewes to acquire personal user data and see what they could glean from it.

Presenting their findings at the Def Con hacking conference in Las Vegas, the pair revealed how they secured a database containing 3bn URLs from 3 million German users, spread over 9m different sites. Some were sparse users, with just a couple of dozen of sites visited in the 30-day period they examined, while others had tens of thousands of data points: the full record of their online lives.

Getting hold of the information was actually even easier than buying it. The pair created a fake marketing company, replete with its own website, a LinkedIn page for its chief executive, and even a careers site -- which garnered a few applications from other marketers tricked by the company.

They piled the site full of "many nice pictures and some marketing buzzwords," claiming to have developed a machine-learning algorithm which would be able to market more effectively to people, but only if it was trained with a large amount of data.

"We wrote and called nearly a hundred companies, and asked if we could have the raw data, the clickstream from people's lives." It took slightly longer than it should...

Comments are closed.